Cisco ASA NGFW vs. Fortinet FortiGate

As of March 2019, Cisco ASA NGFW is ranked 2nd in Firewalls with 80 reviews vs Fortinet FortiGate which is ranked 1st in Firewalls with 46 reviews. The top reviewer of Cisco ASA NGFW writes "Syslog generation and forwarding are good but it lacks many UTM features". The top reviewer of Fortinet FortiGate writes "The IPsec tunnels are very easily created, and quite interoperable with devices from other vendors". Cisco ASA NGFW is most compared with Fortinet FortiGate, Meraki MX Firewalls and Cisco Firepower NGFW. Fortinet FortiGate is most compared with Cisco ASA NGFW, Sophos UTM and pfSense. See our Cisco ASA NGFW vs. Fortinet FortiGate report.
Cancel
You must select at least 2 products to compare!
Cisco ASA NGFW Logo
112,253 views|52,710 comparisons
Fortinet FortiGate Logo
231,412 views|108,146 comparisons
Most Helpful Review
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: March 2019.
325,421 professionals have used our research since 2012.
Quotes From Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros
The IPS (In-plane switching) is the most valuable feature.Its ability to discover attacks is a valuable feature. All of the other features that have to do with security are good.The greatest benefit for the organization is the confidence that we are secured.This solution has good security, and it's a good product. You can trust Cisco, and there's support as well, which is really good.Its VPN and ASN features are very stable.The setup was straightforward. I was happy with the configuration and deployment of the solution, as it was quick.It provides security for our company and users.It protects our network.

Read more »

We can use our devices to check all of the perimeters. It secures email websites.I really like the captive portal feature for our guest network. It has nice VLAN features in terms of separating our network. The anti-virus is also good.Advanced routing (RIP, OSPF, BGP, PBR). It gives you a seamless and simple integration into a large network.We use a southern institution that's audited for IT security and the reporting that automatically comes off the unit makes it much easier to meet compliance standards and makes it easier as far as the amount of time that has to be spent to compile that information. If you get your reporting set up correctly when you initially set it up, you just select the one you want and hit print. The auditing trail on it is the best feature.It is easy to use and performs very well.We are a visual effects company, and there have been a number of high profile security issues in our industry. This has brought us to a higher standard of security, which our clients are very keen on these days.It's a firewall that secures our internal network. I have been using it since 2013, and I find that most of the features are advanced, and very user friendly.The most valuable feature is the bundled subscription, which is IPS, TV and web filtering.

Read more »

Cons
At times the product is sluggish and slowSome of the features, like the stability, need to be improved.There may have been one or two incidences of malicious threats.The phishing emails could be improved.In terms of next-generation capabilities, Cisco is a little behind, and it is way behind the market leaders.The initial setup was complex.The pricing is a bit high.Migration with other appliances is not easy. It has to be done manually, and this takes a long time.

Read more »

They need to improve their technical support.Some of the filtering is not robust, you can escape it with a VPN. Some of the users bypass some of the filters. It catches some but it also misses some, that area could be improved. It's functioning reasonably but there's room for improvement in that area.I think there could be more QoS featuresThey should make the rule sets more understandable for the end user. When you're trying to explain to somebody how a computer network is secured, sometimes it's difficult for an end user or customer to understand. If there was a way to make the terminology more accessible to the end user, the set up could be easier. They should translate the technical jargon to an easily relatable and understandable conversation for the end user, the customer, that would be brilliant. Particularly in an environment where the IT structure is audited regularly, there's always pressure from the auditor to up the standards and up the security and you get your USCERT's that come out and there's a warning about this and the customer will want to lock out so much and when you apply it they run into issue where they can't search the internet or print to their remote office. Of course they can't print to your remote office, they just locked it up. They should make the language more understandable for the customer. If there's a product out there that made the jargon understandable to John Q. Public, I would buy that.There could be more integration between the logging and analytical platforms to make it more seamless and integrated.We had a minor problem where there was a major system upgrade on the hardware platfrom and the Mac client was not available as soon as it might have been. The PC client was available immediately, but we had to wait a month or so, before there was a mac client. I was slightly irritated that it was not ready on time, but it was eventually resolved.The web-cache feature which was previously on the FortiGate device, but was deleted with the recent upgrade should be returned. It was a very valuable feature for us.I think they need to improve more in order to be a competitor with the leaders of the field.

Read more »

Pricing and Cost Advice
Pricing is high, but it is essentially a corporate decision.The cost is a bit high compared to other solutions in the market.Cisco recently has become very expensive.The cost is a bit higher than other competitive solutions on the market.It is considered on the "high end" of the spectrum.The cost of keeping the licensing up on the ASA is very expensive. It has a lot of positives, but the cost of going with it is really starting to be a major negative right now.Commercial leasing is the best option.ASA pricing seems high compared to other firewalls, such as the Sophos XG models.

Read more »

Compared to Palo Alto, which we have used in the past, pricing and licensing are okay.Setup cost may be not so low, as you expect, because it depends on different factors, but TCO for 5 years may pleasantly surprise you.The initial setup is super straight forward and as far as the licensing goes for the small product that we have, the pricing was pretty competitive. It wasn't as simple and as cheap as a SonicWall but for the service we would get it was a good price.It is a good product from a price perspective versus functionality.Price-wise, it's at a good price point for our market.It is cost-effective, and provides a good value for your money. The pricing, and license renewal, is very reasonable for us.They need to be competitive with other solutions.It is an inexpensive solution.

Read more »

report
Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
325,421 professionals have used our research since 2012.
Answers from the Community
Miriam Tover
Alberto E. Luna RodriguezReal User

Fortinet FGs: Great devices, relatively easy to deploy and maintain. Cheaper than most devices of their kind. If you're looking for a lot of features at a relatively low price point this is the way to go. However, beware of Fortinet's promises performance-wise, if you take this route you'll want to over-dimension your device a bit, otherwise you will not be activating the features you're buying. Stability and reliability is OK (careful with software upgrades as they tend to break some things).

Cisco ASA: My personal preference because of the peace of mind they provide (specially if it's your phone that rings every time something breaks). Not as friendly as Fortinet, takes effort deploy and maintain. They are more expensive and offer less features, but they do the work they are built for, and they do it exceptionally. If you are looking for stability, reliability and great support, and you don't mind spending some extra dollars then this is the way to go, Firepower adds some of the missing features that other vendors offer, but not as well integrated IMO. They are improving on that regard, but still lag behind other vendors with UTM devices.

18 December 18
Network Engineer with 201-500 employeesReal User

1. The biggest difference between the two is the pricing. You can get a higher model of FortiGate with all the bells and whistles for a quarter of the price of the basic model of the Cisco Firepower (cisco's next gen firewalls).
2. Cisco ASA will be end of production pretty soon. I am unsure if they will continue to sell the ASA with Firepower bundle.
3. The only upside of buying Cisco these days is for the TAC support which of course comes with a huge cost of smartnet support cost.
4. The down side of FortiGate is that their support isn't as great as Cisco. So if you know what you are doing you can get by with FortiGate just fine and save a bunch of money in the process. It is not that difficult to work with FortiGate.
5. My suggestion is do a Proof of Concept with both the hardware on site and evaluate the performance and ease of use. Your sales rep for Cisco and FortiGate should be able to get you a demo device.
6. Also key when choosing a firewall is understanding the nature of your traffic. For example: My previous company dealt with a lot of bid traffic which are really small packets but in large numbers and the Palo Alto firewall that we brought for almost $500K could not handle it, hence do your due diligence and understand the traffic that will be passing through the firewall.
7. Evaluate the firewall to see if it can handle east-west traffic security (zero trust deployment).

19 December 18
COO/CTO at a pharma/biotech company with 11-50 employeesReal User

Before I respond completely, does it matter if the bandwidth is compromised while all firewall apps are active?

My experience with Fortinet was heavy overhead while their firewall apps were active. This was with a 1GHz Verizon FIOS business account (1 GHz up AND download). Hardwired endpoints and WiFi connections using Fortigate APs were under 20 devices. We were below 100 MHz and was confirmed with my 3rd party whom I had a 5 day a week 8 hours/day support account. That is a greater than 90% overhead. The Fortinet device was a 90-D router - that was overkill for what my company size was and yet, still had that performance.

17 December 18
Jefferson LoiseauUser

In order to answer that question a few things needs to be understood about the current environment.

For small to medium business where funding is a concern, the Fortinet are a very good long term solution. If you are deploying an External and Internal environment, you could leverage a combination of both where the Cisco ASA is on the internal and Fortinet on the external.

Fortinet’s are easier to deploy and there security approach is top end.

ASA are a bit more difficult and with the FirePower are known to be an issue when deploying and pushing out policies.

I’d be more inclined to go with the Fortinet’s than ASA’s is staff and resources are limited.

17 December 18
Goumou FerdinandUser

Hello, I recommend Cisco ASA, it is very consistence, powerful, flexible and interoperability that is the main goal of Cisco products. I always recommend to my client ASA if they need Firewall only.
Fortigate is a good product, easy to implement and manage, it is also less expensive compare to ASA, I most of the time recommend Fortinet to a client who have limited budget for security, so by choosing Fortigate, the client can use the other services such as antivirus, malware protection, application control and so on.
So in summary the choice is not made base on the device, but base on the customer infrastructure, budget and technical resource they have to manage the devices.

Cheers,

20 December 18
Ranking
2nd
out of 50 in Firewalls
Views
112,253
Comparisons
52,710
Reviews
78
Followers
3,896
Avg. Rating
7.9
1st
out of 50 in Firewalls
Views
231,412
Comparisons
108,146
Reviews
42
Followers
4,243
Avg. Rating
8.6
Top Comparisons
Compared 34% of the time.
Compared 17% of the time.
Compared 13% of the time.
Compared 9% of the time.
Also Known As
Cisco ASA, Adaptive Security Appliance, ASAFortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate
Learn
Cisco
Fortinet
Overview

Adaptive Security Appliance (ASA) is Cisco's end-to-end software solution and core operating system that powers the Cisco ASA product series. This software solution provides enterprise-level firewall capabilities for all types of ASA products, including blades, standalone appliances and virtual devices. Adaptive Security Appliance provides protection to organizations of all sizes, and allows end-users to access information securely anywhere, at any time, and through any device.

Adaptive Security Appliance is also fully compatible with other key security technologies, and so provides organizations with an all-encompassing security solution.

Block more threats and quickly mitigate those that do breach your defenses with the industry’s first threat-focused NGFW.

The FortiGate family of NG firewalls provides proven protection with unmatched performance across the network, from internal segments, to data centers, to cloud environments. FortiGates are available in a large range of sizes and form factors and are key components of the Fortinet Security Fabric, which enables immediate, intelligent defense against known and new threats throughout the entire network.

Offer
Learn more about Cisco ASA NGFW
Learn more about Fortinet FortiGate
Sample Customers
There are more than one million Adaptive Security Appliances deployed globally. Top customers include First American Financial Corp., Genzyme, Frankfurt Airport, Hansgrohe SE, Rio Olympics, The French Laundry, Rackspace, and City of Tomorrow.Pittsburgh Steelers, LUSH Cosmetics, NASDAQ, Verizon, Arizona State University, Levi Strauss & Co. Whitepaper and case studies here
Top Industries
REVIEWERS
Financial Services Firm16%
Manufacturing Company14%
Comms Service Provider12%
Healthcare Company6%
VISITORS READING REVIEWS
Comms Service Provider22%
Financial Services Firm15%
Manufacturing Company10%
Transportation Company8%
REVIEWERS
Real Estate/Law Firm11%
Comms Service Provider11%
Healthcare Company8%
Financial Services Firm8%
VISITORS READING REVIEWS
Cloud Provider17%
Comms Service Provider9%
Writing And Editing Position8%
Financial Services Firm8%
Company Size
REVIEWERS
Small Business38%
Midsize Enterprise29%
Large Enterprise33%
VISITORS READING REVIEWS
Small Business40%
Midsize Enterprise28%
Large Enterprise33%
REVIEWERS
Small Business49%
Midsize Enterprise26%
Large Enterprise26%
VISITORS READING REVIEWS
Small Business49%
Midsize Enterprise36%
Large Enterprise15%
Find out what your peers are saying about Cisco ASA NGFW vs. Fortinet FortiGate and other solutions. Updated: March 2019.
325,421 professionals have used our research since 2012.
We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.

Sign Up with Email